Search Results

1 - 10 of 34 items :

  • "correlation" x
  • IT-Security and Cryptology x
Clear All
Waterfilling: Balancing the Tor network with maximum diversity

IEEE Computer Security Foundations Symposium , pages 3–12. IEEE, 2009. [22] A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson. Users get routed: Traffic correlation on tor by realistic adversaries. In Proceedings of the 20th ACM conference on Computer and Communications Security (CCS 2013) , November 2013. [23] J. Juen, A. Johnson, A. Das, N. Borisov, and M. Caesar. Defending tor from network adversaries: A case study of network path prediction. Proceedings on Privacy Enhancing Technologies , 2015(2):171–187, 2015. [24] B. N. Levine, M. K

Open access
Tracking Anonymized Bluetooth Devices

Abstract

Bluetooth Low Energy (BLE) devices use public (non-encrypted) advertising channels to announce their presence to other devices. To prevent tracking on these public channels, devices may use a periodically changing, randomized address instead of their permanent Media Access Control (MAC) address. In this work we show that many state-of-the-art devices which are implementing such anonymization measures are vulnerable to passive tracking that extends well beyond their address randomization cycles. We show that it is possible to extract identifying tokens from the pay-load of advertising messages for tracking purposes. We present an address-carryover algorithm which exploits the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device. We furthermore identify an identity-exposing attack via a device accessory that allows permanent, non-continuous tracking, as well as an iOS side-channel which allows insights into user activity. Finally, we provide countermeasures against the presented algorithm and other privacy flaws in BLE advertising.

Open access
Data-plane Defenses against Routing Attacks on Tor

. [18] R. Jansen and N. Hopper. Shadow: Running Tor in a Box for Accurate and Efficient Experimentation. In Network and Distributed System Security Symposium (NDSS), 2012. [19] A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson. Users Get Routed: Traffic Correlation on Tor By Realistic Adversaries. In ACM Conference on Computer and Communications Security (CCS), November 2013. [20] A. M. Johnson, P. Syverson, R. Dingledine, and N. Mathewson. Trust-based Anonymous Communication: Adversary Models and Routing Algorithms. In ACM

Open access
Guard Placement Attacks on Path Selection Algorithms for Tor

. Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor. In 28th USENIX Security Symposium , 2019. [21] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries. In ACM Conference on Computer and Communications Security (CCS) , CCS ’13, 2013. [22] Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, and Rachel Greenstadt. A Critical Evaluation of Website Fingerprinting Attacks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and

Open access
Investigating Statistical Privacy Frameworks from the Perspective of Hypothesis Testing

& communications security , pages 901–914. ACM, 2013. [4] Borja Balle and Yu-Xiang Wang. Improving the gaussian mechanism for differential privacy: Analytical calibration and optimal denoising. In International Conference on Machine Learning (ICML) , 2018. [5] Vincent Bindschaedler, Reza Shokri, and Carl A Gunter. Plausible deniability for privacy-preserving data synthesis. Proceedings of the VLDB Endowment , 10(5):481–492, 2017. [6] Yang Cao, Masatoshi Yoshikawa, Yonghui Xiao, and Li Xiong. Quantifying differential privacy under temporal correlations. In

Open access
Scalable and Anonymous Group Communication with MTor

, and P. Syverson. Users Get Routed: Traffic Correlation on Tor By Realistic Adversaries. In ACM Conference on Computer and Communications Security (CCS), November 2013. [30] P. Lewis and D. Rushe. http://www.theguardian.com/world/2014/oct/16/-sp-revealed-whisper-app-tracking-users. [31] H. Liu, E. Y. Vasserman, and N. Hopper. Improved Group Off-the-record Messaging. In ACM Workshop on Privacy in the Electronic Society (WPES), 2013. [32] N. Mathewson. Next-Generation Hidden Service in Tor. Draft 224, Tor Project, 2013

Open access
Privacy-Preserving Similar Patient Queries for Combined Biomedical Data

2015. [37] Jianchao Yao, Chunqi Chang, Mari L. Salmi, Yeung Sam Hung, Ann Loraine, and Stanley J. Roux. Genome-scale cluster analysis of replicated microarrays using shrinkage correlation coefficient. BMC Bioinformatics , 9(1):288, Jun 2008. [38] Michael B. Eisen, Paul T. Spellman, Patrick O. Brown, and David Botstein. Cluster analysis and display of genome-wide expression patterns. Proceedings of the National Academy of Sciences , 95(25):14863–14868, 1998. [39] dbSNP. https://www.ncbi.nlm.nih.gov/SNP/ . [40] Raphael Bost, Raluca Ada Popa

Open access
Students and Taxes: a Privacy-Preserving Study Using Secure Computation

Abstract

We describe the use of secure multi-party computation for performing a large-scale privacy-preserving statistical study on real government data. In 2015, statisticians from the Estonian Center of Applied Research (CentAR) conducted a big data study to look for correlations between working during university studies and failing to graduate in time. The study was conducted by linking the database of individual tax payments from the Estonian Tax and Customs Board and the database of higher education events from the Ministry of Education and Research. Data collection, preparation and analysis were conducted using the Share-mind secure multi-party computation system that provided end-to-end cryptographic protection to the analysis. Using ten million tax records and half a million education records in the analysis, this is the largest cryptographically private statistical study ever conducted on real data.

Open access
20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables

Abstract

Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. To illustrate this system, we present two novel types of adversaries. First, we study a powerful, pervasive adversary that can compromise an unknown number of Autonomous System organizations, Internet Exchange Point organizations, and Tor relay families. Second, we initiate the study of how an adversary might use Mutual Legal Assistance Treaties (MLATs) to enact surveillance. As part of this, we identify submarine cables as a potential subject of trust and incorporate data about these into our MLAT analysis by using them as a proxy for adversary power. Finally, we present preliminary experimental results that show the potential for our trust framework to be used by Tor clients and services to improve security.

Open access
TagIt: Tagging Network Flows using Blind Fingerprints

Information Theory Workshop on , pages 37–41. IEEE, 2009. [11] J. A. Elices and F. Pérez-González. The flow fingerprinting game. In 2013 IEEE International Workshop on Information Forensics and Security, WIFS 2013, Guangzhou, China, November 18-21, 2013 , pages 97–102, 2013. [12] J. A. Elices and F. Pérez-González. A highly optimized flow-correlation attack. CoRR , abs/1310.4577, 2013. [13] B. F. U. Filho, R. D. Souza, C. Pimentel, and M. Jar. Convolutional codes under a minimal trellis complexity measure. IEEE Trans. Communications , 57(1):1–5, 2009

Open access